Ledger warned its users to never share seed phrases via email or any other channel. In Virginia, a man was convicted of funding ISIS with cryptocurrency, and in Nigeria, authorities dismantled a crypto romance scam ring linked to Chinese organized crime groups. Meanwhile, the U.S. and UAE imposed sanctions on people and entities tied to North Korea’s crypto laundering network.
Ledger Users Warned About Sophisticated Phishing Scam
Phishing scammers are targeting Ledger users by impersonating the crypto hardware wallet provider’s support emails in an attempt to steal users’ wallet keys. Fraudulent emails claim that Ledger experienced a “recent data breach” and instruct recipients to verify their private seed phrases to “safeguard” their assets. According to a Dec. 17 report from BleepingComputer and screenshots that were shared on X, the emails seem to come from Ledger’s official support address but are actually sent through an email marketing platform.
These emails direct users to a Ledger-branded website that looks very authentic and prompts visitors to “verify your Ledger.” Once on the site, a popup asks users to enter their seed phrases. A seed phrase is a critical combination of words that grants full control over a wallet, so scammers who obtain it can drain the funds.
Ledger responded to concerned users on X, clarifying that the company will never request a 24-word recovery phrase via email, direct message, or phone call, and warning users to treat such requests as scams. It is still unclear if any Ledger users have fallen victim to this specific phishing attack.
(Source: BleepingComputer)
This incident happened after a Dec. 13 report of a Ledger user who lost $2.5 million in Bitcoin and non-fungible tokens. Although the user claimed to have never shared their seed phrase online, Ledger and other blockchain security firms suggest that the loss resulted from a phishing scam dating back to February of 2022, with the funds only recently stolen.
Ledger has faced other security challenges over the years as well, including a December 2023 breach of the codebase of its connector library, a tool that facilitates user access to decentralized finance applications. This compromise allowed an attacker to steal $484,000 from victims.
Security experts warn that phishing scams are likely to rise during the holiday season as online transactions increase. Meta also warned users of scam campaigns targeting holiday shoppers, including fake gift promotions, fraudulent decoration sales, and counterfeit retail coupons. Phishing losses in the crypto space did, however, fall by 53% month-on-month in November.
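The Ledger emails described above showed the vendor's support address while being sent through a third-party marketing platform, and they asked for the recovery phrase. The following triage sketch is an added example, not code from Ledger or BleepingComputer: it flags a message whose From domain is the brand but whose Return-Path and DKIM `d=` domains are not, and any message that asks for a recovery phrase. The brand domain, the addresses and the `bulk-mailer.example` platform are assumptions used for constructed samples.

```python
import re
from email import message_from_string
from email.utils import parseaddr

BRAND = "ledger.com"  # assumption: the vendor domain to protect (not given on the page)
SECRET_ASK = re.compile(r"\b(?:seed|recovery)\s+phrase\b|\b24[- ]word\b", re.I)

def domain_of(value):
    """Lower-cased domain part of an address header ('' if absent)."""
    return parseaddr(value)[1].rpartition("@")[2].lower()

def aligned(domain, brand):
    """Relaxed alignment: the brand domain itself or one of its subdomains."""
    return domain == brand or domain.endswith("." + brand)

def dkim_domains(msg):
    """d= tag of every DKIM-Signature header (claimed, not verified here)."""
    sigs = msg.get_all("DKIM-Signature", [])
    hits = (re.search(r"(?:^|;)\s*d\s*=\s*([^;\s]+)", s) for s in sigs)
    return [m.group(1).lower() for m in hits if m]

def triage(raw, brand=BRAND):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    if aligned(domain_of(msg.get("From", "")), brand):
        ids = [domain_of(msg.get("Return-Path", ""))] + dkim_domains(msg)
        if not any(aligned(d, brand) for d in ids):
            findings.append("from-brand-but-no-aligned-sender")
    body = msg.get_payload()
    if isinstance(body, str) and SECRET_ASK.search(body):
        findings.append("asks-for-recovery-phrase")
    return findings

# Constructed samples; bulk-mailer.example is a placeholder platform.
PHISH = (
    "Return-Path: <bounce-771@em.bulk-mailer.example>\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=bulk-mailer.example; s=s1; b=AAAA\n"
    "From: Ledger Support <support@ledger.com>\n"
    "Subject: Security alert\n\n"
    "Verify your 24-word recovery phrase to safeguard your assets.\n"
)
LEGIT = (
    "Return-Path: <bounce@mail.ledger.com>\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=ledger.com; s=k1; b=BBBB\n"
    "From: Ledger Support <support@ledger.com>\n"
    "Subject: Firmware release notes\n\n"
    "A new firmware version is available in the companion app.\n"
)
```

The sketch compares only the domains the headers claim; a mail gateway should base the same decision on the SPF, DKIM and DMARC results it has actually verified.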
Virginia Man Convicted of Funding ISIS with Crypto
Crypto crimes do not stop with phishing attacks. Mohammed Azharuddin Chhipa, a 35-year-old resident of Springfield, Virginia, was convicted by a federal jury for making crypto donations to the terrorist organization ISIS.
The United States Department of Justice (DOJ) revealed that Chhipa sent $185,000 worth of cryptocurrency to ISIS members in Syria between October of 2019 and October of 2022. Evidence presented in court showed that these funds were used to support ISIS in various ways, including financing the escape of female ISIS members from prison camps and aiding ISIS fighters.
Chhipa raised funds through a combination of social media campaigns, electronic bank transfers, and in-person cash collections. The collected funds were then converted into crypto and sent to Turkey, from where they were smuggled into Syria to reach ISIS members. A British-born ISIS member residing in Syria was identified as Chhipa’s primary co-conspirator, and helped him with raising funds for prison escapes and terrorist attacks.
Chhipa was convicted on five counts, including conspiracy to provide material support to a designated foreign terrorist organization and four counts of providing or attempting to provide material support to such an organization. He faces a maximum prison sentence of 100 years if sentenced consecutively on all counts, although federal sentences are often less than the maximum penalties. The sentencing hearing is scheduled for May 5, 2025.
Massive Crypto Scam Ring Busted in Nigeria
Nigeria’s anti-corruption agency, the Economic and Financial Crimes Commission (EFCC), arrested 792 people during a raid on a building in Lagos on Dec. 10. The building was believed to be a hub for a massive crypto romance scam operation.
Among the suspects were 148 Chinese and 40 Filipino nationals, along with Nigerian accomplices. The EFCC spokesperson stated that the Nigerians were recruited by foreign leaders of the operation to lure victims online through phishing schemes. People from the United States, Canada, Mexico, and various European countries were their primary targets. Once trust was established, the foreign operators took over to defraud the victims.
The operation involved seducing victims over social media or offering fake crypto investment opportunities, coercing them to transfer funds in a scam known as pig butchering. Ken Gamble, co-founder of cybercrime investigative firm IFW Global, shared that Chinese organized crime groups are increasingly expanding into regions with weaker cybersecurity frameworks, including Africa, the Middle East, and Eastern Europe. He explained that these groups provide the technology, infrastructure, and financial resources to boost local scam operations.
Gamble also revealed that the Lagos operation was relatively small compared to larger schemes in Southeast Asia, where some groups employ thousands of people. Workers in these operations are often recruited through job ads and paid much higher wages than local standards. In Nigeria, for example, workers could earn $500 per month, which is ten times the minimum wage.
According to the EFCC, it is collaborating with international partners to investigate potential links between this scheme and broader organized crime networks.
U.S. and UAE Target North Korea’s Crypto Laundering Network
The United States Treasury Department’s Office of Foreign Assets Control (OFAC), in collaboration with the government of the United Arab Emirates, imposed sanctions on people and entities that are accused of facilitating North Korea’s digital asset laundering operations. The sanctions target two Chinese citizens, Lu Huaying and Zhang Jian, along with the UAE-based company Green Alpine Trading, for their roles in converting cryptocurrency and laundering funds used to support the Democratic People’s Republic of Korea (DPRK).
According to OFAC, Lu converted cryptocurrency into fiat to buy goods and services destined for North Korea or its proxies. His activity spans from early 2022 to September of 2023. Zhang was also involved in currency operations and allegedly served as a courier for Sim Hyon Sop, an executive of Korea Kwangson Banking Corporation.
Sim was sanctioned in April of 2023, and has been accused of orchestrating money laundering schemes and collaborating with North Korean IT workers to generate income illegally in the United States. Green Alpine Trading is based in the UAE, and is alleged to operate as a front for money laundering activities supporting Sim’s operations. The company’s website was also suspended.
Reports indicate that groups tied to North Korea stole between $600 million and $700 million in cryptocurrency in 2023 alone, with estimates of $3 billion stolen between 2017 and 2023. Some of the techniques linked to North Korean actors include impersonating authorized workers, hacking crypto exchanges, deploying malware, and using crypto mixers to obscure transactions.